Forum der Gemeinschaft Alle Produkte

In Plain English how to use and secure encryption on all outgoing emails please and whether or not to use this great advantage. Many thanks to all those who contribute to this work, PB

Hi

I have a problem with Thunderbird which might be a bit niche but here goes...

The first attempt at sending an email fails as TLS Record Layer v1 is used, the mail server sees this and hard resets the connection so sending halts. See attached Wireshark trace screenshot "Failed".

If I retry the send again Thunderbird uses TLS Record Layer v1.3 and the email goes out ok. See attached Wireshark trace screenshot "Success".

If I send another message immediately no problem but if I wait 20-30 minutes the above cycle happens again.

I have set the minimum TLS version in the config to 1.3 (option 4) and restarted Thunderbird but this has not changed anything.

Any ideas how I can fix this? It's a pain because automated replies don't work.

Hi,

I have successfully added my personal certificate in my account's E2EE and I can ever since digitally sign messages. Yay! After importing a multiple valid certificates for recipients, I tried to send encrypted emails to some of these (one recipient per email draft). All of them highlight the recipient's address in yellow with a yellow status bar: "End-to-end encryption requires resolving certificate issues for [recipient address]"

Clicking on the button "S/MIME" -> "View Certificates Of Recipients", a window comes up showing the address with the status "Not found". When I open "Settings -> Privacy & Security -> Certificate Manager", I see the certificates present with valid dates. Using certutil to investigate cert9.db in Thunderbird's profile folder, I also see the certificates being in there, but what struck me was the trust status: [...] Fingerprint (SHA-256):

       7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E
   Fingerprint (SHA1):
       56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4

   Mozilla-CA-Policy: false (attribute missing)
   Certificate Trust Flags:
       SSL Flags:
       Email Flags:
       Object Signing Flags:

I changed the Trust flags (first for emails, then for SSL email) by running certutil -M -n <recipient's email addresss> -t ",P," -d <certdir>

This lead to

Fingerprint (SHA-256):
       7B:DF:9F:28:F2:B4:42:5E:37:06:EE:B8:D6:22:0C:70:12:05:F8:33:26:10:5A:1C:03:21:65:2A:C0:C3:3F:5E
   Fingerprint (SHA1):
       56:43:79:93:41:E0:8B:16:0A:FC:64:3E:74:B6:6F:F8:4E:67:93:D4

   Mozilla-CA-Policy: false (attribute missing)
   Certificate Trust Flags:
       SSL Flags:
       Email Flags:
           Terminal Record
           Trusted
       Object Signing Flags:

Whils I am not sure if this makes any difference to my beforementioned problem, I realize "Mozilla-CA-Policy: false (attribute missing)". How can I address this missing attribute and what can I do to get my emails encrypted, please?

Mozilla suddenly says "The certificate for mobile.charter.net does not come from a trusted source." It will not let me get my emails. Is this a problem with Thunderbird or Charter (Spectrum) I am able to receive email on my I Phone. I do not know which Thunderbird version and can't find it using your instructions. Help please

I'm used to check certs with right click on icon beside the address. Also for own servers in my local LAN I need this. I know there is Let's Encrypt. But sometimes it's more easy to just have a self signed cert and verify it myself. Also I want to see, who signed a cert from www.snakeoil.com/insert_your_credetials.

Please help.

rundekugel

When i try to update my schooles secure mail, i get the nev certifikat and the Root, and Ca1 under autoreties and give it the right rights but it keeps giving me this error message " Certificate verification failed with the following error: The peer's certificate issuer is unknown. (Error code: SEC_ERROR_UNKNOWN_ISSUER)"

Receive popup message: The certificate for mobile.charter.net does not come from a trusted source. In trying to send email, popup message: Sending the email failed. Peer's Certificate issuer is not recognized. The configuration related to mobile.charter.net must be corrected. Then it wants me to Add Security, Get Certificate.

Email not working on my desktop. Using Edge 11, Settings show certificate for mobile.charter.net:993 does not come from a trusted source. I can not send or receive email on my desktop. This started this morning. I have not made any changes to my computer, but did do an Edge update. I can check my email on my cellphone if there is a fix.

I am using Thunderbird 151.0.1 (64-bit), and I get the "trusted source" message in a pop-up every time Thunderbird checks for email. There is only an option to Dismiss presented. My account name changes color to red and has a red triangle with an exclamation mark displayed. I went to Settings > Privacy & Security > Security > Certificates > Manage Certificates and looked at all the certificates listed in the Certificate Manager > Authorities (which is the only section with anything listed) and don't see anything from mobile.charter.net. I can go to SPECTRUM.NET (Charter) and view my email with no problems. I'm at a loss as to be able to view my email in Thunderbird.

We have used mobile.charter,net for our emails since we signed up for your product. Now my husband gets the mobile.charter.net "certificate is not from a trusted source" error when Modzilla is retrieving emails. I have the same email provider, and do not get the error message from Modzilla. Can you help us correct this problem?

I am unable to download email for my Bell email accounts. For one of the two Bell accounts all messages disappeared. I get an error message saying saying the server's certificate is invalid.

I recently obtained a digital certificate for use with S/MIME. I followed the process laid out in

https://support.mozilla.org/en-US/kb/instructions-smime-certificate-using-csr

to generate my key pair, create a CSR, submit it to a CA, download the resulting certificate file, and import it into Thunderbird. I also imported the intermediate certificate showed as the issuer for my cert, which in turn appears to be signed by one of the certs trusted by default in Thunderbird.

Having done that, I see the certificate showing up under "your certificates" in the Certificate Manager, with a "not before" date in the past and a "not after" date in the future. So everything appears to look correct, but when I try to send a signed email I get the following error message as a pop-up:

"Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired."

And if I look at the console in developer tools I see:

"mailnews.send: NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgComposeSecure.beginCryptoEncapsulation]

   _startCryptoEncapsulation resource:///modules/MimeMessage.sys.mjs:488
   _writePart resource:///modules/MimeMessage.sys.mjs:536
   createMessageFile resource:///modules/MimeMessage.sys.mjs:82
   createAndSendMessage resource:///modules/MessageSend.sys.mjs:147
   CompleteGenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6456
   GenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6372
   SendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6984
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1085
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1263
   goDoCommand chrome://messenger/content/globalOverlay.js:99
   oncommand chrome://messenger/content/messengercompose/messengercompose.xhtml:1
   openWindowPrompt resource:///actors/PromptParent.sys.mjs:75
   receiveMessage resource:///actors/PromptParent.sys.mjs:18
   openPrompt resource://gre/modules/Prompter.sys.mjs:1228
   openPromptSync resource://gre/modules/Prompter.sys.mjs:1071
   alert resource://gre/modules/Prompter.sys.mjs:1375
   alert resource://gre/modules/Prompter.sys.mjs:78
   fail resource:///modules/MessageSend.sys.mjs:358
   createAndSendMessage resource:///modules/MessageSend.sys.mjs:157

MessageSend.sys.mjs:149:32

   createAndSendMessage resource:///modules/MessageSend.sys.mjs:149
   CompleteGenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6456
   GenericSendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6372
   SendMessage chrome://messenger/content/messengercompose/MsgComposeCommands.js:6984
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1085
   doCommand chrome://messenger/content/messengercompose/MsgComposeCommands.js:1263
   goDoCommand chrome://messenger/content/globalOverlay.js:99
   oncommand chrome://messenger/content/messengercompose/messengercompose.xhtml:1
   openWindowPrompt resource:///actors/PromptParent.sys.mjs:75
   receiveMessage resource:///actors/PromptParent.sys.mjs:18
   openPrompt resource://gre/modules/Prompter.sys.mjs:1228
   openPromptSync resource://gre/modules/Prompter.sys.mjs:1071
   alert resource://gre/modules/Prompter.sys.mjs:1375
   alert resource://gre/modules/Prompter.sys.mjs:78
   fail resource:///modules/MessageSend.sys.mjs:358
   createAndSendMessage resource:///modules/MessageSend.sys.mjs:157"

I can't make sense of the error message, since the certificate appears under "your certificates" in the certificate manager, and it does not appear to be expired. Can anyone suggest how to determine the root cause and fix it? Does it matter that the certificate is for a non-default identify I've added for the account in Thunderbird? Does it matter if the "common name" in the certificate doesn't match the "Your Name" field in Thunderbird? Any pointers on what to check would be appreciated.

Receiving emails was no problem, but when sending one I was repeatedly asked for my password. I did check the save password in the dialog box. I checked the account settings and saw a yellow alert next to certificate exception and clicked on remove. That apparently was a mistake because now I can't get into email since the security certificate is not valid. Reinstalling Thunderbird may be needed, but I need some advice before I try anything else.

I've been trying to set up a GPG key, but Thunderbird doesn't recognize my pub.asc file. So I created a PGP key thru Thunderbird and I would like to export it as ASCII-armored public key.

Hello,

I have been testing all browsers I use (Firefox, Chrome, Edge) on Cloudflare Post-Quantum Key Agreement to verify PQC support. They all support the X25519MLKEM768 hybrid scheme (i.e. Cloudflare web page returns "You are using X25519MLKEM768 which is post-quantum secure").

The issue: When I run the test in Firefox multiple times by doing repeated hard refreshes (Ctrl+Shift+R), quite often the result is "You are using X25519 which is not post-quantum secure". Sometimes the very first run after opening Firefox gives the X25519 (failing) result. "Often" varies. Sometimes it's around 10 fails out of 50 tests, other times it's 1 out of 50. It seems random.

I have read that sometimes networking equipment or even ISPs can be the cause of PQC requests falling back to non-PQC due to the long keys in PQC, but I do not see this intermittent issue with Chrome or Edge on the same computer/network/ISP as Firefox. I have not seen a single failure so far on those two browsers. The only variable I am aware of is the web browser.

I also tried connecting to a cellular hotspot as well as disabling my Norton 360 firewall and the results are the same as above.

Looking for help to resolve this issue. Thanks.

Hi Folks, I use, as do others I know, Thunderbird for Android. Recently it has decided that the SSL Certificate it accepts for fetching emails is not valid for sending and requires you to accept and make an exception for the certificate. Has anyone else found this? I have tested the certificate, provided by Lets Encrypt, on several servers all claiming SMTP, POP3 an IMAP offer valid certificates. Yet Thunderbird still claims it is a security threat. Can omeone off an answer please? I am currently helping others accept the certificate.

Thunderbird ofr Android is V18.0

regards Anthony